Computational Secure ORAM (COMP SE-ORAM) with ῶ(log n) overhead: Amazon S3 case study – Random Access Location

Thierry Mbah Mbelli
First National Bank
Johannesburg, South Africa
e-mail: mbellimbah@hotmail.com

Abstract – Oblivious RAM (ORAM) is a strong, provably secure approach to accessing objects stored in the cloud. Many ORAM models have been proposed to improve the storage, communication and privacy efficiency of ORAM constructions, with not much attention paid to a holistic approach to oblivious cloud storage security. Statistically secure ORAM models generally have a security overhead of ῶ(log² n), where n is the memory size. This paper proposes an ORAM model with a computational security overhead of ῶ(log n), using Amazon Simple Storage Service (Amazon S3) as the storage model. Another benefit of the proposed model is its conceptual simplicity of implementation. The construction of this model is based on the ORAM model proposed by Kai-Min Chung, Zhenming Liu and Rafael Pass. The crucial result of this model is to reduce the overhead from ῶ(log² n) to ῶ(log n). Using Amazon S3, a security analysis was conducted, with the result incurring ῶ(log n) security overhead. This is achieved by randomizing the location of the storage node.

Key words: Cloud security, Oblivious RAM, Privacy, Amazon S3, Random Access Location.

I. INTRODUCTION

Data management and security have been widely studied, with some research focused on cloud computing [7]. The agility of business has traditionally compelled companies to choose between the speed and the security of data. Profit has been a forethought and security has been an afterthought. Virtualization technology and cloud computing have enabled businesses large and small, as well as enterprises, to migrate their applications and data into cloud environments. This has leveraged server consolidation to achieve high resource efficiency. It has also led to better availability and fault tolerance of applications [3].
ORAM constructions have been extensively studied, with some of the proposed ORAM models enjoying computational security while others have a computational overhead of ῶ(log² n). The question is: can the computational security overhead be reduced from ῶ(log² n) to ῶ(log n) with the benefit of implementation simplicity? This paper tries to answer this question.

Amazon Web Services (AWS) has introduced continuous development practices and security without impacting delivery speed, with encryption as the data security model [1]. Storage on the server side is organized as a binary tree, with each node able to store s data, where s is a system parameter and an even number [10]. In order to protect data in the cloud, the physical space needs to be protected. A boundary security approach has been proposed to detect anomalies in the physical space hosting cloud data [2].

AWS operates the global cloud infrastructure that is used to provision a variety of basic computing resources such as storage and processing. This infrastructure includes the facilities, networking, hardware and software that support the provisioning and use of the resources. The AWS infrastructure is designed with best practices and compliance standards as guiding principles, in addition to the shared security responsibility model. In the AWS infrastructure setup, network devices and other boundary devices are in place to monitor and control communication at the external boundary of the network and at key internal boundaries within the network. The network devices include firewalls, and the boundary devices employ access control lists (ACLs), configurations and role sets to enforce the flow of information to system services and external information consumers. Monitoring the health of cloud data and security is crucial to the stability of cloud computing systems [5].
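The tree-organized server storage and the randomized storage location described above can be illustrated with the following added example, which is not code from this paper or from Chung, Liu and Pass. It is a simplified Path-ORAM-style client, not the COMP SE-ORAM construction; the class name `TreeORAM`, the in-memory `store` standing in for an S3 bucket, and the omission of encryption and bucket padding are assumptions made for illustration.

```python
import secrets

class TreeORAM:
    """Toy tree ORAM client; `store` stands in for an S3 bucket (node key -> blocks)."""
    def __init__(self, depth=4, s=4):
        self.depth, self.s = depth, s          # s = blocks per node (even, as in the text)
        self.leaves = 1 << depth
        self.store = {k: [] for k in range(1, 2 * self.leaves)}  # heap-numbered nodes
        self.pos = {}      # block id -> currently assigned leaf (client-side map)
        self.stash = {}    # block id -> value held by the client between accesses
        self.trace = []    # node keys the storage server observes, one list per access

    def _path(self, leaf):
        node, path = self.leaves + leaf, []    # heap index of the leaf node
        while node >= 1:
            path.append(node)
            node //= 2
        return path                            # leaf first, root last

    def access(self, block, value=None):
        """Read `block` (value=None) or write `value`; both look identical to the server."""
        leaf = self.pos.get(block, secrets.randbelow(self.leaves))
        self.pos[block] = secrets.randbelow(self.leaves)  # fresh random location
        path = self._path(leaf)
        for node in path:                      # fetch every node on the old path
            self.stash.update(self.store[node])
            self.store[node] = []
        result = self.stash.get(block)
        if value is not None:
            self.stash[block] = value
        for node in path:                      # write back, deepest node first
            fits = [b for b in self.stash
                    if node in self._path(self.pos[b])][: self.s]
            self.store[node] = [(b, self.stash.pop(b)) for b in fits]
        self.trace.append(path)
        return result
```

Every access touches exactly one root-to-leaf path of `depth + 1` nodes, and the leaf is re-drawn at random each time, so repeated accesses to the same block are not linkable from the keys requested.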
Amazon Simple Storage Service (S3) allows the uploading and retrieving of data from the Amazon infrastructure at any time from any location, using a console, API or SDK. Amazon S3 stores data as objects within a bucket that has a friendly, user-defined name. Access to data stored in Amazon S3 is restricted by default, with only the creator having full access